Windows 98 on a dual network

We have some PCs on our network that are set up with 2 network cards. This is so that they can get access to different physical networks. These networks have a Unix Firewall between them. The management in our organisation would like the ability to use applications on both networks. However there are security implications as a result of doing it (therefore the Firewall!).

My question is: Is there firewall software (as good as any Unix firewall) for Windows 98 that we can secure these PCs on both networks with 2 network cards in them?

Try Winproxy (www.winproxy.com). Winproxy is a pretty simple little program, relatively powerful, and pretty easy to configure. Hopefully that will work out for ya.

PC1: This box will basically act as your gateway, with the firewall software installed on it. The first NIC will give it LAN access, the second will be used for your Internet connection, whatever it may be (T1, DSL, etc.)

PC2: All you should have to do on this box is specify PC1's IP address as its gateway, along with the DNS info. Should work like a champ.

nhumphrey: Are you talking about replacing your existing firewall with a Win98-based firewall, or are you asking how to ensure that your Win98 machines which have two network cards don't act as an insecure connection between the two networks?

I suspect it's the second, so here goes...

On general principles, it would be better not to let any of your network security depend on Windows 9x software of any kind. Instead, put the machines which need access to both networks (let's call them dual-access machines, for convenience) on one or the other network, with just one network card each. Then find a way to reconfigure your Unix firewall so that it selectively lets these dual-access machines on one network access the other network. That way your unix firewall controls the security, and you don't have to worry about finding a Win98 firewall.

Another possible solution is to reconfigure your Unix firewall so that it firewalls between three networks A, B, C, where A and B are your current two networks and C is a new, "privileged" network that is allowed access to both A and B. Then put the dual-access machines on network C.

These suggestions are based on an incomplete picture of your current situation and what you're trying to achieve - if you can give more details, you'll get more specific advice.
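The three-network layout suggested in the reply above, sketched as an added example that is not part of the original post. It assumes the Unix firewall is a Linux box running nftables (the thread does not say which firewall is in use); the interface names, the table name and the commented-out host address are placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: A and B stay separated, C (dual-access PCs) may reach both.
# Interface names are assumptions; adjust to the real firewall.
define IF_A = "eth0"    # existing network A
define IF_B = "eth1"    # existing network B
define IF_C = "eth2"    # new "privileged" network C

table inet dualaccess {
    chain forward {
        # Default deny: nothing crosses the firewall unless allowed below.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed when they started.
        ct state established,related accept
        ct state invalid drop

        # Machines on C may open connections into A and into B.
        iifname $IF_C oifname { $IF_A, $IF_B } ct state new accept

        # Variant for the first suggestion (single-NIC PCs left on A and
        # let through selectively). 192.0.2.10 is a constructed address.
        # iifname $IF_A oifname $IF_B ip saddr 192.0.2.10 ct state new accept

        # A<->B, A->C and B->C all fall through to here: count, log, drop.
        counter log prefix "dualaccess-drop: " drop
    }
}
```

Because only connections initiated from C are accepted, hosts on A and B can answer the dual-access machines but cannot open sessions to them or to each other through the firewall.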

I think Vijay is on the money. I would much rather use the unix box as the only path. But for what it's worth I have a few clients using Black Ice with no cracks yet. It seems to work fine. It is much better than a proxy or nothing for a network with that many holes.

I am surprised and extremely ecstatic about the replies I have received.

Also, I apologise for the lack of details. It's a very complex and hard to explain situation and that was the simplest way I could put it.

You did assume correctly, but anyway ....

In answer to YOUR questions. No, we would never replace a Unix firewall with a Windows one. It is just an unusual circumstance in which there is a unix firewall between 2 need-to-be-separate networks. And people that would like to use apps on both sides - which breaks the firewall rules anyway - and will only work in "Windows" (even though they complain about the constant crashing). Hence the dual-network idea. (We did try Windows NT originally just to confuse matters but the apps ran too slow as they're old 16-bit Windows software).

Out of the 3 replies so far yours seems to make the most sense. Why trust Windows as a firewall 'cause it isn't! I know it has too many holes, but personally I've never tried to crack them so I wouldn't know (LOL). Just to clear things up I am a neutral OS person!

Unfortunately the boss has already decided on 2 machines, 1 on each network with a switch between them. So be it. I accept the challenge.

Otherwise I might have gone for a solution like Black Ice or Unix firewall rules (however, the latter I don't really understand yet).

Now if you'll excuse me: I've been accused of using a lousy insecure password: time to change the server accounts.
